Compare your login and ssh pam configs (ssh works, login doesn't). They'll be under /etc/pam.d/.

- chris

Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs@apollogrp.edu


From: openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org
To: openldap-technical@openldap.org
Sent: Wed Jun 16 14:26:19 2010
Subject: I can't login linux (console) using after configurate openldap

HI,

I have started  openldap more Samba but I can't do logon via console on my linux, only access my system using ssh or telnet . When I am on console I put login and password and press "enter" , again show me screen login linux . If change /etc/nsswitch.conf fields passwd , shadow , group for files only,  the login work normally , Thre is problem between  openldap  and pam ?

I paste my /etc/nsswitch.conf

passwd:     files  ldap
shadow:     files  ldap
group:      files  ldap

#hosts:     db files nisplus nis dns
hosts:      files dns wins

and /etc/pam.d/login


n#%PAM-1.0
auth     required    pam_securetty.so
auth     required    pam_nologin.so
auth     sufficient  pam_ldap.so
auth     required    pam_unix2.so   nullok try_first_pass #set_secrpc
account  sufficient  pam_ldap.so
account  required    pam_unix2.so
password required    pam_pwcheck.so nullok
password required    pam_ldap.so    use_first_pass use_authtok
password required    pam_unix2.so   nullok use_first_pass use_authtok
session  required    pam_unix2.so   none # debug or trace
session  required    pam_limits.so
session  required    pam_env.so
session  optional    pam_mail.so



#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
#auth       include      system-auth
#account    required     pam_nologin.so
#account    include      system-auth
#password   include      system-auth
# pam_selinux.so close should be the first session rule
#session    required     pam_selinux.so close
#session    include      system-auth
#session    required     pam_loginuid.so
#session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
#session    required     pam_selinux.so open
#session    optional     pam_keyinit.so force revoke


Thanks.


--
Bruno Steven - Administrador de sistemas.
LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
https://www.lpi.org/caf/Xamman/certification

MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
https://mcp.microsoft.com/authenticate/validatemcp.aspx


P Antes de imprimir pense em sua responsabilidade e comprometimento com o Meio Ambiente. Before printing this message, think about your ecologic responsability and environment commitment.


This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.